Ok, but in that case the only FLOSS projects from US that can be considered "dangerous" would be those which are both tied to specific US companies and do not have much of a EU presence to be forked in case of such weaponization (with ease of forking being taken into account as well).

And TBH IMO such projects should be avoided in the first place regardless of what US is doing because they tend to use FLOSS as a marketing method than for practical development. Choosing projects which have multiple shareholders, so to speak, is much healthier in the long term.